Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 09 March 2000.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-50 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-14, 16, 19-35 and 37-50 is/are rejected.

7) [X] Claim(s) 15, 17, 18 and 36 is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. §§ 119 and 120

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 

13) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application) since a specific reference was included in the first sentence of the specification or in an Application Data Sheet. 37 CFR 1.78.

a) [ ] The translation of the foreign language provisional application has been received.

14) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 since a specific reference was included in the first sentence of the specification or in an Application Data Sheet. 37 CFR 1.78.

DETAILED ACTION

1. Claims 1-50 are pending.

Claim Objections 

2. Claims 15, 17, 18 and 36 are objected to as being dependent upon a rejected
base claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102
that form the basis for the rejections under this section made in this Office action:

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language. 

4. Claims 1-14, 16, 19-35, 37-50 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Bachman et al. 

In reference to claim 1:

Bachman et al. discloses a session-state management method comprising:

• generating an encoded session-state token, wherein the token incorporates a 
representation of session state of a client; (Column 3, lines 34-40) 

• encrypting the encoded token using a one-way encryption scheme to produce an 
encrypted token; (Column 3, lines 60-66) (Column 5, lines 55-57) 

• sending the encrypted token to the client. (Column 3, lines 50-52)

Claims 7, 31, 37, 38, 45, 46, 49 are rejected for the same reasons as claim 1.

Claim 42 is rejected for the same reasons as claim 1. The examiner takes note that a
processor is inherent to server systems. 

In reference to claim 2: 

Bachman et al. discloses a method further comprising authenticating the user of the 
client. (Column 3, lines 25-34)

In reference to claim 3: 

Bachman et al. (Column 3, lines 25-34) discloses a method as recited further 
comprising authenticating the user of the client, wherein the authenticating step 
comprises: 

• receiving a user identification indicator ("username") and a password

• comparing the username to a database of authorized user records, each record
containing a username and a username-associated password 

• comparing the password received in the receiving step to a username-associated 
password of a record containing a matching username; 

• establishing a session for the user. 

In reference to claim 4: 

Bachman et al. discloses a method wherein the generating step comprises forming a
confirmation token that incorporates a representation of an incremental time block,
where the representation of the incremental block is stored in both T, and M. (Column 4,
lines 11-17) & (Column 6, lines 10-19). The time blocks stored in the variables are all
incorporated into the index entries of the token.

Claim 9 is rejected for the same reasons as claim 4.

In reference to claim 5: 

Bachman et al. discloses a method wherein the generating step comprises forming a 
confirmation token that incorporates a representation of a current incremental time 
block, where the current time block representation is time t. (Column 4, lines 10-37) 
The current time block is incorporated in the index entries of the token. 

Claims 10 and 13 are rejected for the same reasons as claim 5.

In reference to claim 6:

Bachman et al. discloses a method wherein the generating step comprises forming a
confirmation token that incorporates a representation of an incremental time block that
is prior to a current incremental time block, where the representation of the incremental
time block with time stored in T is inherently prior to the current incremental time
block. (Column 4, lines 10-37) & (Column 6, lines 10-19)

Claim 11 is rejected for the same reasons as claim 6.

In reference to claim 8: 

Bachman et al. discloses a session state management method comprising: 

• Receiving a one-way encrypted, session state token from a client, wherein the
token incorporates a representation of a session state of a client, where the page
that contains the token has a portion of it returned to the server. (Column 4, lines 7-10)

• Generating a one time encrypted, confirmation session state token; (Column 4,
lines 28-32)

• Comparing the confirmation token with the received token. (Column 4, lines 33-37)

Claims 16, 34, 39, 43, 50 are rejected for the same reasons as claim 8.

In reference to claim 12:

Bachman et al. discloses a method as recited further comprising: 

• Issuing a one-way encrypted, replacement session-state token. (Column 6, lines 
38-42) 

• Sending the replacement token to the client. (Column 6, lines 38-42)

In reference to claim 14:

Bachman et al. discloses a method as recited wherein the generating step comprises 
forming a confirmation token that incorporates a representation of an incremental time 
block, if confirmation and received tokens fail to match, the method further comprising: 

• Generating a new one way encrypted, confirmation session-state token, wherein 
the confirmation token incorporates a representation of a previous incremental 
time block 

• Comparing the new confirmation token with the received token. (Column 4, lines 
33-37) 

In reference to claim 19: 

Bachman et al. discloses a session-state management method comprising: 

• Authenticating a user of a client to establish a session with the user; (Figure 4,
Items 401, 403, 405)

• Generating an encoded session state token, wherein the encoded token
incorporates a representation of session-state of the user's session; (Column 3,
lines 34-43)

• Sending the session-state token to the client. (Column 3, lines 50-54)

Claim 27 is rejected for the same reasons as claim 19.

In reference to claim 20: 

Bachman et al. discloses a method as recited wherein the authenticating step 
comprises: 

• Receiving a user identification indicator ("username") and a password, where the
username is the user identity information.

• Comparing the username to a database of authorized user records, each record 
containing a username and a username-associated password, where comparing 
the username to a database of records is inherent. 

• Comparing the password received in the receiving step to a username-associated
password of a record containing a matching username, where
comparing the password to the username-associated password of a record
containing a matching username is inherent.

• Establishing a session for a user. 

(Column 3, lines 27-34) & (Figure 4, Items 401, 403, 405)

In reference to claim 21:

Bachman et al. discloses a method wherein:

• The user is identified by a user identification indicator (UserID), where the user ID
is the user identity information. (Column 3, lines 27-34)

• The generating step comprises forming a session-state token at least partially
based upon the UserID, where the session token is created from a hash of the
user identity information. (Column 3, lines 34-39)

In reference to claim 22: 

Bachman et al. discloses a method wherein: 

• A time block is identified by a time block identification number (TimeID), where
the "timeoutID" discloses the use of time block identification numbers, and where
the time block is stored in T. (Figure 5, near <BODY onLoad="">)

• The generating step comprises forming a session state token at least partially
based on the TimeID, where the TimeID is the time information T. (Column 3,
lines 43-47)

In reference to claim 23: 

Bachman et al. discloses a method wherein: 

• The user is identified by a user identification indicator (UserID). (Figure 4, Item
405)

• A time block is identified by a time block identification indicator (TimeID). Figure 5,
"timeoutID" (near <BODY onLoad="">)

• The generating step comprises forming a session state token at least partially
based upon the UserID and the TimeID. (Column 3, lines 43-49)

Claims 26, 28, 33 are rejected for the same reasons as claim 23.

In reference to claim 24: 

Bachman et al. discloses a method further comprising: 

• Encrypting the encoded token between the generating and the sending steps, 
(Column 5, lines 53-56), and where the token is later transmitted in (Column 6, 
lines 1-4) 

In reference to claim 25: 

Bachman et al. discloses a method further comprising: 

• One way encrypting the encoded token between the generating and the sending 
steps, where the one way encryption is done by using an algorithm such as the 
DES algorithm. (Column 5, lines 53-56) 

In reference to claim 29: 

Bachman et al. discloses a method wherein the combining step comprises
concatenating UserID and TimeID, where the concatenation is performed in both the
step of storing the IDs together in the index table of the token and when the token is
placed in the hypertext link in the page. (Column 3, lines 43-64)

In reference to claim 30: 

Bachman et al. discloses a method wherein the combining step comprises
concatenating UserID, TimeID, and a code key, where the code key is the random
numbers used in the generation of the token. (Column 3, lines 34-49)

In reference to claim 32: 

Bachman et al. discloses a method wherein the encrypting step comprises:

• Encrypting the encoded token using a one-way encryption scheme to produce an
encrypted result. (Column 5, lines 53-56)

• Selecting a defined portion of the encrypted result to form a session-state token.
(Column 5, line 64 - Column 6, line 9)

In reference to claim 35: 

Bachman et al. discloses a method wherein the generating step comprises forming a 
confirmation token that incorporates a representation of a current incremental time 
block, if confirmation and received tokens fail to match, further comprising: 

• Generating a new confirmation token using a representation of an incremental
time block previous to the time block representation used for the previous
generating step, where the new confirmation token is generated using a
representation of the previous time block that existed in the previous token.
(Column 6, lines 20-28)

• Comparing the new confirmation token with the received token. (Column 6, lines
27-31)

In reference to claim 40: 

Bachman et al. discloses a session-state management method comprising: 

• Receiving a user-associated TimeID from a client, wherein the encoded token
incorporates a representation of session-state of the user's session, where the
received TimeID is the Time T encoded within the client's token sent back to the
server when the user peruses a page. (Column 4, lines 11-37)

• Designating a first time block identification indicator (TimeID) for a first time
block, where the first time block identification indicator is stored on the server and
indicates the current time. (Column 4, lines 11-37)

• Comparing the user-associated TimeID with the first TimeID, where the
user-associated current time t is compared with the original TimeID T. (Column 4, lines
11-37)

In reference to claim 41:

Bachman et al. discloses a method further comprising:

• Designating a prior TimeID for a time block prior to the first time block, where the
prior TimeID is the time T stored on the user's token, received by the server
when the user peruses a page. This TimeID is inherently prior to the first time block
containing the current time. (Column 4, lines 11-37)

• Comparing the user-associated TimeID with the prior TimeID. (Column 4, lines
11-37)

In reference to claim 44: 

Bachman et al. discloses a server to communicate with a client over a communications 
network, the server comprising: 

• A processor, where the processor is inherent to a server system. 
A session state manager executable on the processor to: 

• Authenticate a user of the client; (Column 3, lines 25-34) 

• Generate an encoded session-state token, wherein the token incorporates a 
representation of session state of the client; (Column 3, lines 43-49) 

• Send the session-state token to the client. (Column 3, lines 50-53)

In reference to claim 47: 

Bachman et al. discloses a server to communicate with a client over a communications 
network, wherein an authenticated user is identified by a user identification
indicator (UserID) and a time block identification number (TimeID) identifies a specific
time block, the server comprising:

• A processor, where the processor is inherent to a server system.
A session-state manager executable on the processor to:

• Combine UserID and TimeID to produce an encoded token encrypt the encoded
token, where the UserID is the user identity information and the TimeID is a
representation of the time stored in T. (Column 3, lines 43-49)

In reference to claim 48: 

Bachman et al. discloses a server to communicate with a client over a communications 
network, the server comprising: 

• A processor, where the processor is inherent to a server system. 
A session state manager executable on the processor to: 

• Receive a user-associated, encoded confirmation session state token, wherein 
the confirmation token incorporates a representation of session state of the 
client, where the user encoded token is in the form of the page that is returned 
when the user clicks on a hyperlink. (Column 4, lines 7-10) 

• Compare the received token with the confirmation token. (Column 4, lines 18-24) 



Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

• US Patent 6,041,357 

• US Patent 6,496,824

• US Patent 5,835,724

• US Patent 6,065,117

• US Patent 5,491,752

• US Patent 5,542,046 

• PCT WO 9740457 A2 

6. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Thomas M Ho whose telephone number is (703)305-8029.
The examiner can normally be reached on M-F from 8:30am - 5:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A. Morse can be reached at (703)308-4789. The fax phone 
numbers for the organization where this application or proceeding is assigned are 
(703)746-7239 for regular communications and (703)746-7238 for After Final 
communications. 

Any inquiry of a general nature or relating to the status of this application or
proceeding should be directed to the receptionist whose telephone number is (703)306-5484.